{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "1aa38317274600a0cabf2c3c3d1ca1b9a42d099e"
            },
            {
              "last_affected": "171b15cac1eb5ec972fea85e596ab8e2b74e2ba1"
            }
          ],
          "repo": "https://github.com/allskyteam/allsky",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.",
  "id": "CVE-2024-44373",
  "modified": "2025-12-05T10:33:45.330799441Z",
  "published": "2025-08-19T19:15:33.497Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://gh0stmezh.wordpress.com/2024/08/25/cve-2024-44373/"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AllskyTeam/allsky/blob/master/html/includes/save_file.php"
    },
    {
      "type": "WEB",
      "url": "https://lean-strand-cb6.notion.site/CVE-2024-44373-21efbd400a6c80f4a5abf5d5eb9b068c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/AllskyTeam/allsky"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}